CVEs from 2020
Total
4,160
critical
critical 193
high
high 470
medium
medium 675
low
low 56
% Critical
4.6%
% with KEV
3.5%
% with exploit
3.6%
Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-0543 | high | — | 8.0 | — | Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-6479 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-1723 | high | — | 8.0 | — | multiple issues in keycloak | |
| CVE-2020-28026 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline … | |
| CVE-2020-8625 | high | — | 8.0 | — | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not … | |
| CVE-2020-5260 | high | — | 8.0 | — | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store … | |
| CVE-2020-0548 | high | — | 8.0 | — | Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-12409 | high | — | 8.0 | — | When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. | |
| CVE-2020-16150 | high | — | 8.0 | — | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode … | |
| CVE-2020-28008 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s… | |
| CVE-2020-12351 | high | — | 8.0 | — | Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |
| CVE-2020-12407 | high | — | 8.0 | — | Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the u… | |
| CVE-2020-6579 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-0549 | high | — | 8.0 | — | Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-26164 | high | — | 8.0 | — | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a De… | |
| CVE-2020-12352 | high | — | 8.0 | — | Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | |
| CVE-2020-24489 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-24513 | high | — | 8.0 | — | Important: microcode_ctl security, bug fix and enhancement update | |
| CVE-2020-12405 | high | — | 8.0 | — | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and… | |
| CVE-2020-13113 | high | — | 8.0 | — | An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. | |
| CVE-2020-2732 | high | — | 8.0 | — | A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 gu… | |
| CVE-2020-15673 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2020-15811 | high | — | 8.0 | — | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… | |
| CVE-2020-6441 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6443 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-36328 | high | — | 8.0 | — | A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vuln… | |
| CVE-2020-10188 | high | — | 8.0 | — | utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem … | |
| CVE-2020-12411 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-16012 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28013 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the i… | |
| CVE-2020-15676 | high | — | 8.0 | — | Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditabl… | |
| CVE-2020-35701 | high | — | 8.0 | — | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id paramete… | |
| CVE-2020-16018 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16020 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16021 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-8696 | high | — | 8.0 | — | Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2020-16024 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15675 | high | — | 8.0 | — | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. | |
| CVE-2020-16025 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16030 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16019 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16037 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16014 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16031 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12406 | high | — | 8.0 | — | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary cod… | |
| CVE-2020-16036 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16038 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16027 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16042 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16035 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-10760 | high | — | 8.0 | — | A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. | |
| CVE-2020-16026 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15656 | high | — | 8.0 | — | JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only … | |
| CVE-2020-3123 | high | — | 8.0 | — | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service … | |
| CVE-2020-15678 | high | — | 8.0 | — | When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClipped… | |
| CVE-2020-1971 | high | — | 8.0 | — | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares d… | |
| CVE-2020-26979 | high | — | 8.0 | — | When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the d… | |
| CVE-2020-28017 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of res… | |
| CVE-2020-16028 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16043 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16032 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-12408 | high | — | 8.0 | — | When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. | |
| CVE-2020-15995 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6477 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15960 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6575 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6482 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28014 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. | |
| CVE-2020-27187 | high | — | 8.0 | — | An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker … | |
| CVE-2020-16034 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-16033 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-35733 | high | — | 8.0 | — | certificate verification bypass in erlang | |
| CVE-2020-6474 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28010 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). | |
| CVE-2020-6467 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-28011 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. | |
| CVE-2020-28009 | high | — | 8.0 | — | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation … | |
| CVE-2020-26978 | high | — | 8.0 | — | Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerabi… | |
| CVE-2020-35114 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2020-28019 | high | — | 8.0 | — | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a clien… | |
| CVE-2020-35111 | high | — | 8.0 | — | When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a us… | |
| CVE-2020-28926 | high | — | 8.0 | — | ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug re… | |
| CVE-2020-6447 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6461 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6831 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-6465 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-15659 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |
| CVE-2020-6448 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6462 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2020-15953 | high | — | 8.0 | — | LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the clien… | |
| CVE-2020-6470 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6437 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6440 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6444 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6476 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6469 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6471 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6480 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-6475 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2020-10745 | high | — | 8.0 | — | A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server… |